I am new to Opnsense, but so far liked everything Opnsense has to offer. However, recently I got stuck using Captive Portal. My requirement is to use Captive Portal with Transparent Proxy and it does not seem to work.

1. Standalone Captive Portal works fine.
2. Captive Portal with Forward Proxy works absolutely fine, and does web filtering as well.
3. Captive Portal with Transparent Proxy does not seem to work. It works at times and fails at times.

My requirement is to let Captive Portal authenticate users and then pass the session on to the Transparent Proxy. I see two rules in IPFW, one to pass all port 80 traffic to Captive Portal and, below it, a rule to pass that traffic through. I want Captive Portal to pass the authenticated traffic to the proxy when Transparent Proxy is enabled. Something similar to this is what I see:

05002 fwd 127.0.0.1,9000 tcp from any to any dst-port 80 in via em1
05002 allow ip from any to any dst-port 80 via em1

I only need the authenticated traffic to be passed to the proxy, so that the proxy then takes effect.

It would be a great help if anyone can suggest a solution. I have checked pretty much everywhere with no results.

I want to install Opnsense in my production environment and this is a requirement.

Can someone help me pass authenticated traffic to proxy on port 3128. Basically, here are the IPFW rules:

# redirect non-authenticated clients to captive portal @ local port 8000 + zoneid
#======================================================================================
add 5000 fwd 127.0.0.1,8000 tcp from any to any dst-port 443 in via em2
add 5000 allow ip from any to any dst-port 443 via em2
add 5000 fwd 127.0.0.1,9000 tcp from any to any dst-port 80 in via em2
add 5000 allow ip from any to any dst-port 80 via em2

# pass authorized
add 65533 pass ip from any to any

I need help in passing the authenticated traffic to proxy_IP:3128. Then the proxy will hopefully pass the traffic out. This way I may be able to use Captive Portal with Transparent Proxy.

I have the same problem. The captive portal works smoothly on the hotspot network, and transparent proxy and content filtering work perfectly on the LAN network. If I enable the transparent proxy on the hotspot network, the captive portal no longer works and the clients get onto the network without logging in, but at least the transparent proxy works.

I have a slightly different setup: I have set up the captive portal and the transparent proxy on the LAN interface. I have finally managed to get it to work, with a workaround. Here is what I have done.

1. When you enable the captive portal, it creates these IPFW rules:
# redirect non-authenticated clients to captive portal @ local port 8000 + zoneid
#======================================================================================
add 5000 fwd 127.0.0.1,8000 tcp from any to any dst-port 443 in via em2
add 5000 allow ip from any to any dst-port 443 via em2
add 5000 fwd 127.0.0.1,9000 tcp from any to any dst-port 80 in via em2
add 5000 allow ip from any to any dst-port 80 via em2

This is what presents the Captive Portal page to users.

2. After getting authenticated, the traffic passes through the following rule:
# pass authorized
add 65533 pass ip from any to any

3. I have created two IPFW rules to pass the authenticated traffic to the Transparent Proxy:
# pass authorized
add 65530 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in via em2
add 65530 allow ip from any to any dst-port 80 via em2
add 65533 pass ip from any to any

It then passes the traffic to the proxy. You just need to ensure that in the Firewall Rules there is neither a rule blocking port 80 traffic nor a NAT rule redirecting it to the transparent proxy.

#======================================================================================
# redirect non-authenticated clients to captive portal @ local port 8000 + zoneid
#======================================================================================
add 5000 fwd 127.0.0.1,8000 tcp from any to any dst-port 443 in via em2
add 5000 allow ip from any to any dst-port 443 via em2
add 5000 fwd 127.0.0.1,9000 tcp from any to any dst-port 80 in via em2
add 5000 allow ip from any to any dst-port 80 via em2

#======================================================================================
# accept traffic from all interfaces not used by captive portal
#======================================================================================
# let the responses from the captive portal web server back out
add 6000 skipto 60000 tcp from any to any out
# forward unauthorized traffic from captiveportal interfaces to block rule
add 6002 skipto 65534 all from any to any via em2
# send all the rest to the traffic shaper rules
add 6199 skipto 60000 all from any to any

#======================================================================================
# setup zone accounting section
#======================================================================================
# zone OPT Captive Portal (0)
add 10001 count ip from any to any via em2
add 10998 skipto 30000 all from any to any via em2
add 10999 deny all from any to any not via em2

#======================================================================================
# setup accounting section, first rule is counting all CP traffic
#======================================================================================
add 30000 set 0 count ip from any to any
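The workaround above depends entirely on rule ordering: the captive-portal redirect (rule 5000) must come before the forward to the proxy (rule 65530), which in turn must come before the final "pass ip from any to any" (rule 65533), otherwise port 80 traffic either never reaches the portal or is passed out before the proxy sees it. The script below is an added example, not code from the forum posts or from OPNsense; it generates the two proxy-forward rules for a given interface, proxy port and rule number (the poster's rules are the case em2 / 3128 / 65530), and checks a rule set, in either "add NNNN ..." or "ipfw list" (NNNNN ...) format, for that ordering. The interface name, proxy port and rule numbers are parameters, and the sample rule set used for checking is constructed from the rules quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread or from OPNsense). Emits the workaround
# rules that forward authenticated port-80 traffic to a transparent proxy and
# verifies that a rule set keeps the order the workaround relies on:
#   captive-portal fwd to :9000 (5000) < fwd to proxy (65530) < final pass (65533)
# Assumptions: rule text follows the ipfw syntax quoted in the thread; the
# portal web server listens on 127.0.0.1:9000 for HTTP, as in the quoted rules.

# gen_proxy_rules IFACE PROXY_PORT RULENO
# Prints the two ipfw rules the workaround adds, parameterised.
gen_proxy_rules() {
    iface="$1"; port="$2"; num="$3"
    printf 'add %s fwd 127.0.0.1,%s tcp from any to any dst-port 80 in via %s\n' "$num" "$port" "$iface"
    printf 'add %s allow ip from any to any dst-port 80 via %s\n' "$num" "$iface"
}

# first_rule_matching RULESET_TEXT REGEX
# Prints the lowest rule number whose line matches REGEX, or nothing.
# Accepts both "add 5000 ..." (config) and "05000 ..." (ipfw list) formats.
first_rule_matching() {
    printf '%s\n' "$1" \
        | grep -E -- "$2" \
        | sed -E 's/^add +//' \
        | awk '{ print $1 + 0 }' \
        | sort -n \
        | head -n 1
}

# check_order RULESET_TEXT [PROXY_PORT]
# Returns 0 when portal redirect < proxy forward < final pass, 1 otherwise
# (including when any of the three rules is missing).
check_order() {
    rules="$1"; port="${2:-3128}"
    cp=$(first_rule_matching "$rules" 'fwd 127\.0\.0\.1,9000 tcp .*dst-port 80')
    px=$(first_rule_matching "$rules" "fwd 127\\.0\\.0\\.1,${port} tcp .*dst-port 80")
    pass=$(first_rule_matching "$rules" '^(add +)?0*[0-9]+ pass ip from any to any *$')
    [ -n "$cp" ] && [ -n "$px" ] && [ -n "$pass" ] || return 1
    [ "$cp" -lt "$px" ] && [ "$px" -lt "$pass" ]
}

# Stand-alone usage: print the rules for em2/3128/65530 and check them against
# the thread's quoted rule set (constructed here as sample input).
if [ "${0##*/}" = "cp_proxy_check.sh" ]; then
    SAMPLE="add 5000 fwd 127.0.0.1,9000 tcp from any to any dst-port 80 in via em2
add 5000 allow ip from any to any dst-port 80 via em2
$(gen_proxy_rules em2 3128 65530)
add 65533 pass ip from any to any"
    printf '%s\n' "$SAMPLE"
    check_order "$SAMPLE" && echo "rule order OK" || echo "rule order WRONG"
fi
```

In practice you would feed `check_order` the live output of `ipfw list` after the portal has regenerated its rules, since the workaround is lost whenever the portal rewrites the rule set; the check also fails if the proxy port in the fwd rule does not match the port the transparent proxy actually listens on.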